\nMike Wilkes has had a career many cybersecurity professionals could only dream of. An adjunct professor, former CISO of Marvel and MLS, member of the World Economic Forum, drummer, and board member at the National Jazz Museum in Harlem, his interests and achievements are as eclectic as they are impressive. <\/p>\n
In the first edition of CISO Spotlight, we sat down with Mike to explore the skills, strategies, and stories that have defined his remarkable career \u2013 and got his take on the latest trends defining the modern cybersecurity industry. <\/p>\n
## From Philosophy to Firewalls<\/p>\n
As you have probably gathered, Mike Wilkes hasn\u2019t had a typical career path. With a background in philosophy and a master’s from Stanford in the philosophy of education, he began his career working in a Californian K-12 education think tank. However, it didn\u2019t take long for him to realize that he could put his talents to better use in the tech world. <\/p>\n
\u201cThere were more computers in the dumpsters of Palo Alto than in the classrooms,\u201d he said. \u201cI knew then that tech was where I could make a real difference.\u201d This realization led him to early roles in WebOps during the dot-com boom, where he helped launch digital platforms for Starbucks, PlayStation, and Macy\u2019s. <\/p>\n
But Mike was never just a web guy. \u201cI ran the infrastructure,\u201d he said. \u201cBefore DevOps was DevOps, we called it WebOps. Security wasn\u2019t a department back then \u2013 it was something you did so your servers didn\u2019t crash at 2 a.m.\u201d<\/p>\n
## A CISO Career Path Spanning Sectors<\/p>\n
Over the years, Mike has held CISO roles in a vast range of sectors \u2013 finance, entertainment, tech, sport, and more. \u201cI even like to say I kept Iron Man safe,\u201d he joked, referencing his time as CISO at Marvel. At the American Society of Composers, Authors and Publishers (ASCAP), the two sides of his identity \u2013 cybersecurity leader and jazz drummer \u2013 came together in harmony. \u201cBeing able to combine music and security in the same job? That was awesome.\u201d <\/p>\n
Mike has also worked with the World Economic Forum and co-authored papers on quantum security. \u201cIf you take machine learning and combine it with quantum, you get the Reese\u2019s Peanut Butter Cup of hype,\u201d he laughed. \u201cBut the real question is: how do you actually use these technologies to protect data?\u201d <\/p>\n
## The Two Types of CISOs and the Real Skills CISOs Need Today<\/p>\n
Considering his extensive and varied CISO experience, few people are better placed than Mike to offer insight into the role \u2013 and his opinion of many CISOs is pretty damning.<\/p>\n
\u201cThere are two types of CISOs: the player-coach and the pure coach,\u201d he argued. \u201cPlayer-coaches have the hard skills \u2013 they know how to login, read logs, and find threats. Pure coaches rely solely on influence and relationships.\u201d<\/p>\n
That said, while Mike does value technical depth, modern CISOs must also master business alignment. \u201cSomeone at a security conference once said, \u2018We don\u2019t just need security awareness training for employees \u2013 we need business awareness training for CISOs.\u2019 And that\u2019s stuck with me ever since. <\/p>\n
Security, he says, must not be the \u201cdepartment of no.\u201d He urged CISOs to say, \u201cNot yet, let\u2019s try it this way,\u201d instead of just saying, \u201cNo, you can\u2019t do that.\u201d He even went as far as to say that if CISOs don\u2019t understand how their company makes money, they’re not securing the business \u2013 they’re just slowing it down. <\/p>\n
## Advice for CISOs: Jedi Mind Tricks<\/p>\n
Mike\u2019s advice for CISOs is to approach the role with a healthy amount of pragmatism and subterfuge. \u201cYou have to use Jedi mind tricks,\u201d he says. \u201cMake your CEO think it was their idea. Present three options \u2013 maintain, downgrade, or upgrade \u2013 and guess what they\u2019ll pick.\u201d <\/p>\n
However, for Mike, succeeding as a CISO isn\u2019t just about clever use of suggestion \u2013 it\u2019s also about talking to CEOs and board members in concrete terms they understand. \u201cIf you say, \u2018This API could lead to a data breach,\u2019 that\u2019s abstract. If you say, \u2018This breach could cost $10 million and take our systems down for three days,\u2019 that\u2019s real.\u201d<\/p>\n
## Breach Cadence Over Breach Likelihood<\/p>\n
To further emphasize the importance of robust cybersecurity to key decision makers, Mike recommends changing the narrative: it\u2019s not about if an organization will suffer a breach; it\u2019s about _when. _<\/p>\n
\u201cAny company can be breached,\u201d he said, \u201cjust give the attackers enough time and motivation. So CISOs need to stop talking about likelihood. Talk about cadence.\u201d He contrasts two companies to illustrate the point. \u201cMaybe T-Mobile gets breached every few months. FireEye went five years before a breach. Ask your CEO: what would you pay for five years of peace?\u201d<\/p>\n
## The Hard Lesson Most Companies Learn Too Late<\/p>\n
One of cybersecurity\u2019s most significant problems, Mike argues, is that far too often, it takes a major breach to convince an organization that they need to improve their defenses. \u201cMost organizations won\u2019t spend $500,000 on prevention until they\u2019ve lost $5-10 million in a breach. It\u2019s like kids and hot stoves \u2013 you tell them it’s hot, but they don\u2019t learn until they burn their fingers.\u201d <\/p>\n
Mike believes that this reactive approach to cybersecurity is tantamount to outsourcing prioritization to attackers, with dire consequences. \u201cWe\u2019re letting threat actors determine what matters,\u201d he said, \u201cinstead of building resilience ourselves.\u201d<\/p>\n
## The Importance of API Security<\/p>\n
API security is an area that Mike believes deserves special attention. \u201c85% of all internet traffic is machine-to-machine \u2013 in other words, it’s APIs,\u201d he says. \u201cBut most companies don\u2019t even know how many APIs they have.\u201d <\/p>\n
He continues: \u201cThere\u2019s this thing called low-code\/no-code. People paste API keys into Slack or Salesforce without any review. That\u2019s like duct-taping a backdoor to your datacenter.\u201d<\/p>\n
So, what\u2019s the first step? \u201cVisibility. You can\u2019t protect what you don\u2019t know you have. But visibility isn\u2019t enough. You need control, documentation, monitoring, and context around data flows.\u201d <\/p>\n
## How AI is Democratizing Cybercrime<\/p>\n
Moving on to the topic of AI, Mike recognized that there are both risks and opportunities. \u201cAI has let the junior varsity play at the varsity level,\u201d he said. \u201cWe used to worry about nation states. Now we\u2019re worried about bored teenagers with AI tools.\u201d<\/p>\n
On the defensive side, however, Mike is more optimistic. \u201cEvery CISO should have an AI sidekick trained on company policy, capable of spotting anomalies and streamlining decisions. But they would need to deploy it responsibly, not just for its own sake.\u201d<\/p>\n
## People First, Always<\/p>\n
Now teaching at NYU and Columbia, Mike sees mentorship as an extension of his mission. \u201cI teach because I want to inspire the next generation. I want them to know that this work matters.\u201d <\/p>\n
His mentorship is an extension of his broader view on cybersecurity: \u201cThe product of cybersecurity is the avoidance of harm. And we do that through people, processes, and tools \u2013 in that order. Tools, while helpful, come last.\u201d<\/p>\n
Asked about his dream vacation, Mike replied, \u201cIceland. Volcanoes, glaciers, raw nature. Also, Japan, for the culture of respect for elders. Now that I _am_ an elder, that sounds good.\u201d<\/p>\n
And as for a cybersecurity theme song? Wilkes had AI write one: _Mirror, Mirror, on the Wall._ You can listen to it here.<\/p>\n
The post CISO Spotlight: Mike Wilkes on Building Resilience in an Evolving Threat Landscape appeared first on Wallarm.\n<\/p><\/div>\n
View Advisory Details<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"Security Update News Update Information Title CISO Spotlight: Mike Wilkes on Building Resilience in an Evolving Threat Landscape Update ID WALLARMLAB:204780A68D7D765F125BFE2B0237154A Type wallarmlab Published 2025-05-29T06:24:35…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,34,12,13,33,7,11,5,105],"class_list":["post-6081","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-cvss-00","tag-exploit","tag-news","tag-none","tag-security","tag-tapic","tag-vulnerability","tag-wallarmlab"],"yoast_head":"\n
CISO Spotlight: Mike Wilkes on Building Resilience in an Evolving Threat Landscape - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=6081\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"CISO Spotlight: Mike Wilkes on Building Resilience in an Evolving Threat Landscape - zero redgem\" \/>\n<meta property=\"og:description\" content=\"Security Update News Update Information Title CISO Spotlight: Mike Wilkes on Building Resilience in an Evolving Threat Landscape Update ID WALLARMLAB:204780A68D7D765F125BFE2B0237154A Type wallarmlab Published 2025-05-29T06:24:35...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=6081\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2025-05-29T03:38:42+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=6081#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=6081\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"CISO Spotlight: Mike Wilkes on Building Resilience in an Evolving Threat Landscape\",\"datePublished\":\"2025-05-29T03:38:42+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=6081\"},\"wordCount\":1310,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"CVSS-0.0\",\"exploit\",\"news\",\"NONE\",\"Security\",\"tapic\",\"Vulnerability\",\"wallarmlab\"],\"articleSection\":[\"category_news\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=6081#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=6081\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=6081\",\"name\":\"CISO Spotlight: Mike Wilkes on Building Resilience in an Evolving Threat Landscape - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2025-05-29T03:38:42+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=6081#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=6081\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=6081#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"CISO Spotlight: Mike Wilkes on Building Resilience in an Evolving Threat Landscape\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"CISO Spotlight: Mike Wilkes on Building Resilience in an Evolving Threat Landscape - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=6081","og_locale":"en_US","og_type":"article","og_title":"CISO Spotlight: Mike Wilkes on Building Resilience in an Evolving Threat Landscape - zero redgem","og_description":"Security Update News Update Information Title CISO Spotlight: Mike Wilkes on Building Resilience in an Evolving Threat Landscape Update ID WALLARMLAB:204780A68D7D765F125BFE2B0237154A Type wallarmlab Published 2025-05-29T06:24:35...","og_url":"https:\/\/zero.redgem.net\/?p=6081","og_site_name":"zero redgem","article_published_time":"2025-05-29T03:38:42+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=6081#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=6081"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"CISO Spotlight: Mike Wilkes on Building Resilience in an Evolving Threat Landscape","datePublished":"2025-05-29T03:38:42+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=6081"},"wordCount":1310,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","CVSS-0.0","exploit","news","NONE","Security","tapic","Vulnerability","wallarmlab"],"articleSection":["category_news"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=6081#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=6081","url":"https:\/\/zero.redgem.net\/?p=6081","name":"CISO Spotlight: Mike Wilkes on Building Resilience in an Evolving Threat Landscape - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2025-05-29T03:38:42+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=6081#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=6081"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=6081#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"CISO Spotlight: Mike Wilkes on Building Resilience in an Evolving Threat Landscape"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/6081","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=6081"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/6081\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=6081"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=6081"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=6081"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}